Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4k stars 540 forks

Agent not visible in Web GUI but connecting successfully on Server Tracing #3851

Closed prononext closed 2 years ago

prononext commented 2 years ago

Hi,

I am facing the problem that agents are connecting successfully in the Server Tracing log, but not showing up online in the web GUI. After restarting the server and the agent, they become visible.

Same thing with new agents (just installed the agent or assistant) or existing agents (agent or assistant) which are just restarted on the desktop manually.

Restarting the Server solves the problem but how can I avoid that?

Server Trace Log for agent:

```
AGENT: Verified agent connection to xxxxxx
AGENT: New agent at xxxxx
```

- Server Version: 1.0.2
- System: Ubuntu 20.04
- DB: MongoDB
- Mode: WAN only on FQDN

Ylianst commented 2 years ago

I have not seen this before. If you just hit refresh on the web page, do the agents show up? Can you provide your config.json and replace any confidential information with XXXXX? I can see if there is anything off.

prononext commented 2 years ago

Here is the config.json, I took the full one to have all options but did not activate all of them of course:

config.json

```
{ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "__comment__": "This is a sample configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.", "settings": { "cert": "yourmeshcentral.yourdomain.com", "MongoDb": "mongodb://127.0.0.1:27017", "_mongoDbName": "meshcentral", "_mongoDbChangeStream": true, "WANonly": true, "_LANonly": true, "sessionKey": "xxxxxxxxxxxxxxxxxxxxxx", "_sessionSameSite": "strict", "_certificatePrivateKeyPassword": [ "password1", "password2" ], "_dbEncryptKey": "xxxxxxxxxxxxxxxxxxxxxxx", "dbRecordsEncryptKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx", "_dbRecordsDecryptKey": "xxxxxxxxxxxxxxxxxxxxxx", "__dbExpire": "Amount of time to keep various events in the database, in seconds. Below are the default values.", "_dbExpire": { "events": 1728000, "powerevents": 864000, "statsevents": 2592000 }, "port": 443, "_portBind": "127.0.0.1", "_aliasPort": 444, "_redirPort": 80, "_redirPortBind": "127.0.0.1", "_redirAliasPort": 80, "_agentPort": 1234, "_agentPortBind": "127.0.0.1", "_agentAliasPort": 1234, "_agentAliasDNS": "agents.yourmeshcentral.yourdomain.com", "_agentPortTls": true, "_exactPorts": true, "_allowLoginToken": true, "_allowFraming": true, "_cookieIpCheck": false, "_cookieEncoding": "hex", "compression": true, "wscompression": true, "agentwscompression": true, "_agentsInRam": false, "_webRTC": false, "_nice404": false, "_selfUpdate": true, "_browserPing": 60, "_browserPong": 60, "_agentPing": 60, "_agentPong": 60, "_agentIdleTimeout": 150, "_meshErrorLogPath": "c:\\tmp", "_npmPath": "c:\\npm.exe", "_npmProxy": "http://1.2.3.4:80", "_allowHighQualityDesktop": true, "_webPush": { "email": "xxxxx@xxxxx.com" }, "_publicPushNotifications": true, "_desktopMultiplex": true, "_userAllowedIP": "127.0.0.1,192.168.1.0/24", "_userBlockedIP": "127.0.0.1,::1,192.168.0.100", "_agentAllowedIP": 
"192.168.0.100/24", "_agentBlockedIP": "127.0.0.1,::1", "_authLog": "c:\\temp\\auth.log", "_InterUserMessaging": [ "user//admin" ], "_manageAllDeviceGroups": [ "user//admin" ], "_manageCrossDomain": [ "user//admin" ], "_localDiscovery": { "name": "Local server name", "info": "Information about this server" }, "_tlsOffload": "127.0.0.1,::1", "_trustedProxy": "127.0.0.1,::1", "mpsPort": 4433, "_mpsPortBind": "127.0.0.1", "_mpsAliasPort": 4433, "_mpsAliasHost": "yourmeshcentral.yourdomain.com", "_mpsTlsOffload": true, "_no2FactorAuth": true, "_runOnServerStarted": "c:\\tmp\\mcstart.bat", "_runOnServerUpdated": "c:\\tmp\\mcupdate.bat", "_runOnServerError": "c:\\tmp\\mcerror.bat", "_log": "main,web,webrequest,cert", "_syslog": "meshcentral", "_syslogauth": "meshcentral-auth", "_syslogjson": "meshcentral-json", "_syslogtcp": "localhost:514", "_webrtcConfig": { "iceServers": [ { "urls": "stun:stun.services.mozilla.com" }, { "urls": "stun:stun.l.google.com:19302" } ] }, "_autoBackup": { "_mongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe", "backupIntervalHours": 24, "keepLastDaysBackup": 10, "zipPassword": "MyReallySecretPassword3", "_backupPath": "C:\\backups", "_googleDrive": { "folderName": "MeshCentral-Backups", "maxFiles": 10 }, "webdav": { "url": "https://server/remote.php/dav/files/xxxxx@server.com/", "username": "user", "password": "pass", "folderName": "MeshCentral-Backups", "maxFiles": 10 } }, "_redirects": { "meshcommander": "https://www.meshcommander.com/" }, "__maxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.", "_maxInvalidLogin": { "time": 10, "count": 10, "coolofftime": 10 }, "__maxInvalid2fa": "Time in minutes, max amount of bad two-factor authentication from a source IP in the time before 2FA's are rejected.", "_maxInvalid2fa": { "time": 10, "count": 10, "coolofftime": 10 }, "watchDog": { "interval": 100, "timeout": 400 }, "_AmtProvisioningServer": { "port": 
9971, "deviceGroup": "mesh//xxxxxxxxxxxxxxxxxxxxx", "newMebxPassword": "amtpassword", "trustedFqdn": "sample.com", "ip": "192.168.1.1" }, "_plugins": { "enabled": true } }, "_domaindefaults": { "__comment__": "Any settings in this section is used as default setting for all domains", "title": "MyDefaultTitle", "footer": "Default page footer", "newAccounts": false }, "domains": { "": { "siteStyle": 2, "title": "company Meshcentral", "_title2": "Servername", "titlePicture": "img/meshcentral-title.png", "loginPicture": "img/meshcentral-logo.png", "_userQuota": 1048576, "_meshQuota": 248576, "minify": true, "_guestDeviceSharing" : false, "_AutoRemoveInactiveDevices": 37, "_DeviceSearchBarServerAndClientName": false, "_loginKey": [ "abc", "123" ], "_agentKey": [ "abc", "123" ], "newAccounts": false, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "userNameIsEmail": true, "_newAccountEmailDomains": [ "sample.com" ], "_newAccountsRights": [ "nonewgroups", "notools" ], "welcomeText": "Authorized Access Only!", "welcomePicture": "img/bg-welcome.webp", "welcomePictureFullScreen": true, "meshMessengerTitle": "company Support", "_meshMessengerPicture": "messenger.png", "___hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar, 32 = Hide back buttons", "_hide": 4, "footer": "Contact us.", "loginfooter": "contact company.", "_certUrl": "https://192.168.2.106:443/", "altMessenging": { "name": "company", "url": "https://company.com" }, "_deviceMeshRouterLinks": { "rdp": true, "ssh": true, "scp": true, "extralinks": [ { "name": "HTTP", "protocol": "http", "port": 80, "_ip": "192.168.1.100", "_filter": [ "mesh/(domainid)/(meshid)", "node/(domainid)/(nodeid)" ] }, { "name": "HTTPS", "protocol": "https", "port": 443 } ] }, "PreconfiguredRemoteInput": [ { "name": "CompagnyUrl", "value": "https://help.mycompany.com/" }, { "name": "Any Text", "value": "Any text\r" }, { "name": "Welcome", "value": "Default welcome text" } ], 
"myServer": { "Backup": true, "Restore": true, "Upgrade": true, "ErrorLog": true, "Console": true, "Trace": true }, "passwordRequirements": { "min": 10, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24", "oldPasswordBan": 5, "banCommonPasswords": false, "twoFactorTimeout": 300 }, "_twoFactorCookieDurationDays": 30, "_agentInviteCodes": true, "_agentNoProxy": true, "_geoLocation": true, "_novnc": false, "_mstsc": true, "_ssh": true, "_WebEmailsPath": "/myserver/email-templates", "consentMessages": { "title": "company support", "desktop": "{0} requesting remote desktop access. Grant access?", "terminal": "{0} requesting remote terminal access. Grant access?", "files": "{0} requesting remote files access. Grant access?", "consentTimeout": 30, "autoAcceptOnTimeout": false }, "notificationMessages": { "title": "company Support", "desktop": "{0} started a remote desktop session.", "terminal": "{0} started a remote terminal session.", "files": "{0} started a remote files session." 
}, "agentCustomization": { "displayName": "company Support", "description": "company Support agent for remote monitoring, management and assistance.", "companyName": "company", "serviceName": "Meshcentral", "image": "img/meshcentral-agent.png", "fileName": "company-support", "installText": "Install the agent or connect.", "foregroundColor": "0,21,102", "backgroundColor": "255,255,255" }, "assistantCustomization": { "title": "company Assist", "description": "Remote Support Assistance Agent", "image": "img/meshcentral-title.png", "fileName": "company-assist" }, "androidCustomization": { "title": "company Support", "description": "Remote Support Assistance Agent.", "subtitle": "Remote Infrastructure Management", "image": "img/meshcentral-logo.png" }, "_userAllowedIP": "127.0.0.1,192.168.1.0/24", "_userBlockedIP": "127.0.0.1,::1,192.168.0.100", "_agentAllowedIP": "192.168.0.100/24", "_agentBlockedIP": "127.0.0.1,::1", "_orphanAgentUser": "admin", "___userSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect", "userSessionIdleTimeout": 60, "userConsentFlags": { "desktopnotify": false, "terminalnotify": false, "filenotify": false, "desktopprompt": false, "terminalprompt": false, "fileprompt": false, "desktopprivacybar": false }, "_urlSwitching": false, "_desktopPrivacyBarText": "Privacy bar: {0}, {1}", "_limits": { "_maxDevices": 100, "_maxUserAccounts": 100, "_maxUserSessions": 100, "_maxAgentSessions": 100, "maxSingleUserSessions": 10 }, "_terminal": { "_linuxshell": "login", "launchCommand": { "linux": "clear\necho \"Hello Linux\"\n", "darwin": "clear\necho \"Hello MacOS\"\n", "freebsd": "clear\necho \"Hello FreeBSD\"\n" } }, "_amtScanOptions": [ "LabNetwork 192.168.15.0/23", "SalesNetwork 192.168.8.0/24" ], "_amtAcmActivation": { "log": "amtactivation.log", "certs": { "mycertname": { "certfiles": [ "amtacm-leafcert.crt", "amtacm-intermediate1.crt", "amtacm-intermediate2.crt", "amtacm-rootcert.crt" ], "keyfile": "amtacm-leafcert.key" } } }, 
"_amtManager": { "adminAccounts": [{ "user": "admin", "pass": "MyP@ssw0rd" }], "environmentDetection": [ "domain1.com", "domain2.com", "domain3.com", "domain4.com" ], "wifiProfiles": [ { "name": "Profile1", "ssid": "MyStation1", "authentication": "wpa2-psk", "encryption": "ccmp-aes", "password": "MyP@ssw0rd" } ] }, "_redirects": { "meshcommander": "https://www.meshcommander.com/" }, "_yubikey": { "id": "0000", "secret": "xxxxxxxxxxxxxxxxxxxxx", "_proxy": "http://myproxy.domain.com:80" }, "_httpHeaders": { "Strict-Transport-Security": "max-age=360000", "x-frame-options": "SAMEORIGIN" }, "_agentConfig": [ "webSocketMaskOverride=1", "coreDumpEnabled=1" ], "_assistantConfig": [ "disableUpdate=1" ], "sessionRecording": { "onlySelectedUsers": true, "onlySelectedUserGroups": true, "onlySelectedDeviceGroups": true, "_filepath": "/home/ubuntu/meshcentral-recordings/", "index": true, "_maxRecordings": 10, "_maxRecordingDays": 15, "maxRecordingSizeMegabytes": 3000, "__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger", "protocols": [ 1, 2, 5, 100, 101, 200 ] },
"_authStrategies": { "__comment__": "This section is used to allow users to login using other accounts. You will need to get an API key from the services and register callback URL's", "twitter": { "_callbackurl": "https://server/auth-twitter-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "google": { "_callbackurl": "https://server/auth-google-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxx" }, "github": { "_callbackurl": "https://server/auth-github-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "reddit": { "_callbackurl": "https://server/auth-reddit-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "azure": { "_callbackurl": "https://server/auth-azure-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "00000000-0000-0000-0000-000000000000", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "tenantid": "00000000-0000-0000-0000-000000000000" }, "jumpcloud": { "_callbackurl": "https://server/auth-jumpcloud-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "entityid": "meshcentral", "idpurl": "https://sso.jumpcloud.com/saml2/saml2", "cert": "jumpcloud-saml.pem" }, "saml": { "_callbackurl": "https://server/auth-saml-callback", "_disableRequestedAuthnContext": true, "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "_newAccountsRights": [ "nonewgroups", "notools" ], "entityid": "meshcentral", "idpurl": "https://server/saml2", "cert": "saml.pem" } } }, 
"_customer1": { "_dns": "customer1.myserver.com", "_title": "Customer1", "_title2": "TestServer", "_newAccounts": 1, "_auth": "sspi", "__auth": "ldap", "_LDAPUserName": "gecos", "_LDAPUserKey": "uid", "_LDAPUserEmail": "otherMail", "_LDAPPptions": { "url": "test", "anne": { "gecos": "Anne O'Nyme", "displayName": "O Nyme anne", "uid": "anneonyme", "mail": "anneonyme@example.com", "email": "anneonyme@example.com", "otherMail": [ "other.anneonyme@example.com", "anneonyme@example.com" ] }, "so": { "displayName": "Sticker Sophie", "gecos": "Sophie Sticker", "uid": "ssticker", "mail": "ssticker@example.com", "email": "ssticker@example.com", "otherMail": [ "other.ssticker@example.com", "ssticker@example.com" ] } }, "__LDAPOptions": { "URL": "ldap://1.2.3.4:389", "BindDN": "CN=svc_meshcentral,CN=Users,DC=meshcentral,DC=local", "BindCredentials": "Password.1", "SearchBase": "DC=meshcentral,DC=local", "SearchFilter": "(sAMAccountName={{username}})" }, "footer": "Test", "_certUrl": "https://192.168.2.106:443/" }, "_info": { "_share": "C:\\ExtraWebSite" } }, "letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.", "email": "ssl@company.com", "names": "yourmeshcentral.yourdomain.com", "skipChallengeVerification": false, "production": true }, "_peers": { "serverId": "server1", "servers": { "server1": { "url": "wss://192.168.2.133:443/" }, "server2": { "url": "wss://192.168.1.106:443/" } } },
"_smtp": { "host": "smtp.myserver.com", "port": 25, "from": "myemail@myserver.com", "__tls__": "When 'tls' is set to true, TLS is used immidiatly when connecting. For SMTP servers that use TLSSTART, set this to 'false' and TLS will still be used.", "tls": false, "___tlscertcheck__": "When set to false, the TLS certificate of the SMTP server is not checked.", "_tlscertcheck": false, "__tlsstrict__": "When set to true, TLS cypher setup is more limited, SSLv2 and SSLv3 are not allowed.", "_tlsstrict": true }, "_sendgrid": { "from": "myemail@myserver.com", "apikey": "***********" }, "_sendmail": { "newline": "unix", "path": "/usr/sbin/sendmail", "_args": [ "-f", "foo@example.com" ] }, "_sms": { "provider": "twilio", "sid": "ACxxxxxxxxx", "auth": "xxxxxxx", "from": "+1-555-555-5555" }, "__sms": { "provider": "plivo", "id": "xxxxxxx", "token": "xxxxxxx", "from": "1-555-555-5555" }, "___sms": { "provider": "telnyx", "apikey": "xxxxxxx", "from": "1-555-555-5555" } }
```

prononext commented 2 years ago

Also with this config the "agent console" is not visible anymore. As I remember it disappeared after activating compression and minify, but even if that is deactivated the agent console is still not showing.

Ylianst commented 2 years ago

FYI. Removing all ignored values and defaults, here is your config.json:

config.json

```
{
  "settings": {
    "cert": "yourmeshcentral.yourdomain.com",
    "MongoDb": "mongodb://127.0.0.1:27017",
    "WANonly": true,
    "dbRecordsEncryptKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "watchDog": { "interval": 100, "timeout": 400 }
  },
  "domains": {
    "": {
      "title": "company Meshcentral",
      "titlePicture": "img/meshcentral-title.png",
      "loginPicture": "img/meshcentral-logo.png",
      "minify": true,
      "newAccounts": false,
      "userNameIsEmail": true,
      "welcomeText": "Authorized Access Only!",
      "welcomePicture": "img/bg-welcome.webp",
      "welcomePictureFullScreen": true,
      "meshMessengerTitle": "company Support",
      "footer": "Contact us.",
      "loginfooter": "contact company.",
      "altMessenging": { "name": "company", "url": "https://company.com" },
      "PreconfiguredRemoteInput": [
        { "name": "CompagnyUrl", "value": "https://help.mycompany.com/" },
        { "name": "Any Text", "value": "Any text\r" },
        { "name": "Welcome", "value": "Default welcome text" }
      ],
      "myServer": { "Backup": true, "Restore": true, "Upgrade": true, "ErrorLog": true, "Console": true, "Trace": true },
      "passwordRequirements": { "min": 10, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24", "oldPasswordBan": 5, "banCommonPasswords": false, "twoFactorTimeout": 300 },
      "consentMessages": {
        "title": "company support",
        "desktop": "{0} requesting remote desktop access. Grant access?",
        "terminal": "{0} requesting remote terminal access. Grant access?",
        "files": "{0} requesting remote files access. Grant access?",
        "consentTimeout": 30,
        "autoAcceptOnTimeout": false
      },
      "notificationMessages": {
        "title": "company Support",
        "desktop": "{0} started a remote desktop session.",
        "terminal": "{0} started a remote terminal session.",
        "files": "{0} started a remote files session."
      },
      "agentCustomization": {
        "displayName": "company Support",
        "description": "company Support agent for remote monitoring, management and assistance.",
        "companyName": "company",
        "serviceName": "Meshcentral",
        "image": "img/meshcentral-agent.png",
        "fileName": "company-support",
        "installText": "Install the agent or connect.",
        "foregroundColor": "0,21,102",
        "backgroundColor": "255,255,255"
      },
      "assistantCustomization": { "title": "company Assist", "description": "Remote Support Assistance Agent", "image": "img/meshcentral-title.png", "fileName": "company-assist" },
      "androidCustomization": { "title": "company Support", "description": "Remote Support Assistance Agent.", "subtitle": "Remote Infrastructure Management", "image": "img/meshcentral-logo.png" },
      "userSessionIdleTimeout": 60,
      "userConsentFlags": { "desktopnotify": false, "terminalnotify": false, "filenotify": false, "desktopprompt": false, "terminalprompt": false, "fileprompt": false, "desktopprivacybar": false },
      "sessionRecording": {
        "onlySelectedUsers": true,
        "onlySelectedUserGroups": true,
        "onlySelectedDeviceGroups": true,
        "_filepath": "/home/ubuntu/meshcentral-recordings/",
        "index": true,
        "_maxRecordings": 10,
        "_maxRecordingDays": 15,
        "maxRecordingSizeMegabytes": 3000,
        "__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger",
        "protocols": [ 1, 2, 5, 100, 101, 200 ]
      }
    }
  },
  "letsencrypt": {
    "email": "ssl@company.com",
    "names": "yourmeshcentral.yourdomain.com",
    "skipChallengeVerification": false,
    "production": true
  }
}
```

Ylianst commented 2 years ago

To see the agent console, you need to have full rights to the device. If you have been granted partial rights to the device, you will not see the agent console.

If devices connect but you can't see them, they may be connecting to a device group that you have no rights to. Even if you are administrator of the server, you will not see all device groups unless you use this option in the config.json:

```
"manageAllDeviceGroups": [ "user//admin" ]
```

So, if another user creates a device group and installs a few devices that connect to that device group, you will not see these devices unless you are granted rights to the device group or use the "manageAllDeviceGroups" configuration.
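
The two config.json points raised in this thread, that keys starting with an underscore are ignored and that an administrator sees every device group only when `manageAllDeviceGroups` is active, shown as an added example that is not part of the original thread or of MeshCentral's code. The function names and the trimmed sample config are constructed for illustration; the underscore rule is applied at every nesting level, which is an assumption of this example.

```javascript
// Added example, not MeshCentral code. Keys starting with "_" are treated as
// ignored, as the sample config's own __comment__ states.

// Return a copy of the config with every underscore-prefixed key removed.
function stripIgnored(value) {
  if (Array.isArray(value)) return value.map(stripIgnored);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, child] of Object.entries(value)) {
    if (!key.startsWith('_')) out[key] = stripIgnored(child);
  }
  return out;
}

// List the "/"-joined paths of ignored keys so a reviewer can see what is
// switched off. An ignored section is reported once, not descended into.
function listIgnored(value, path = []) {
  if (value === null || typeof value !== 'object') return [];
  const found = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path.concat(key);
    if (key.startsWith('_')) found.push(here.join('/'));
    else found.push(...listIgnored(child, here));
  }
  return found;
}

// True when userId is listed in an active settings.manageAllDeviceGroups
// (key name and "user//admin" id format as written in the thread).
function seesAllDeviceGroups(config, userId) {
  const settings = stripIgnored(config).settings || {};
  const list = settings.manageAllDeviceGroups;
  return Array.isArray(list) && list.includes(userId);
}

// Constructed sample: a handful of keys taken from the config posted above.
const posted = {
  settings: {
    cert: 'yourmeshcentral.yourdomain.com',
    WANonly: true,
    _LANonly: true,
    _manageAllDeviceGroups: ['user//admin'],
    watchDog: { interval: 100, timeout: 400 }
  },
  domains: {
    '': { minify: true, _agentKey: ['abc', '123'] },
    _customer1: { _dns: 'customer1.myserver.com' }
  }
};

console.log('ignored keys:', listIgnored(posted));
console.log('admin sees all groups:', seesAllDeviceGroups(posted, 'user//admin'));
```

In the posted config the key is still written `_manageAllDeviceGroups`, so the check reports that the setting is not in effect.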

prononext commented 2 years ago

Found the error: there is some hiccup with activated session recordings inside the admin user. https://github.com/Ylianst/MeshCentral/issues/3857#issuecomment-1094126949